To completely disable the FTP access on the server follow the below steps:
root@server[#] vi /etc/csf/csf.conf
Search for the lines:
# Allow incoming TCP ports
TCP_IN =
and remove the port 21 from the list
Save and quit.And then restart the CSF firewall using the below command:
root@server[#] csf -r
If you want to block FTP access for a Specific IP then follow the below steps:
root@server[#] vi /etc/csf/csf.deny
and add the line :
tcp:in:d=21:s=10.10.10.10save and quit
And then restart CSF firewall using the below command:
root@server[#] csf -r
If you want to allow FTP access for only one ip on the server and denied for all other IPS
root@server[#] vi /etc/csf/csf.conf
Then search for the line:
# Allow incoming TCP ports
and the remove the ports : 21 and 22also search for the line :
# Allow outgoing TCP ports
and remove the ports: 21 and 22Save and quit
Then open the csf.allow file
root@server[#] vi /etc/csf/csf.allow
and add the entry as :tcp:in:d=21:s=10.10.10.10
Save and Quit.
And then restart the CSF service
root@server[#] csf -r
Note: Replace the IP 10.10.10.10 with the Actual IP.